Upload
fia
View
37
Download
0
Embed Size (px)
DESCRIPTION
Computer Security: Principles and Practice. Chapter 5: Database Security. EECS710: Information Security Professor Hossein Saiedian Fall 2014. Database systems. Structured collection of data stored for use by one or more applications - PowerPoint PPT Presentation
Citation preview
Computer Security: Principles and Practice
EECS710: Information SecurityProfessor Hossein SaiedianFall 2014
Chapter 5: Database SecurityChapter 5: Database Security
2
Database systems
• Structured collection of data stored for use by one or more applications
• Contains the relationships between data items and groups of data items
• Can sometimes contain sensitive data that needs to be secured
• Query language: Provides a uniform interface to the database
3
Database Security
4
Relational Databases
• Constructed from tables of data– each column holds a particular type of data– each row contains a specific value these– ideally has one column where all values are
unique, forming an identifier/key for that row
• Have multiple tables linked by identifiers• Sse a query language to access data items
meeting specified criteria
5
Relational databases
• Table of data consisting of rows and columns– Each column holds a particular type of data– Each row contains a specific value for each column– Ideally has one column where all values are unique,
forming an identifier/key for that row• Enables the creation of multiple tables linked
together by a unique identifier that is present in all tables
• Use a relational query language to access the database– Allows the user to request data that fit a given set
of criteria
6
A relational database example
7
Relational database terms
• Relation/table/file• Tuple/row/record• Attribute/column/field• Primary key: uniquely identifies a row• Foreign key: links one table to attributes in
another• View/virtual table: Result of a query that
returns selected rows and columns from one or more tables
8
Abstract view of a relation
9
Relational Database Elements
10
Structured Query Language
• Structure Query Language (SQL)– originally developed by IBM in the mid-1970s– standardized language to define, manipulate,
and query data in a relational database– several similar versions of ANSI/ISO standard
CREATE TABLE department (
Did INTEGER PRIMARY KEY,Dname CHAR (30),Dacctno CHAR (6) )
CREATE TABLE employee (Ename CHAR (30),Did INTEGER,SalaryCode INTEGER,Eid INTEGER PRIMARY KEY,Ephone CHAR (10),FOREIGN KEY (Did) REFERENCES department (Did) )
CREATE VIEW newtable (Dname, Ename, Eid, Ephone)
AS SELECT D.Dname E.Ename, E.Eid, E.Ephone
FROM Department D Employee E
WHERE E.Did = D.Did
11
SQL injection attacks
• One of the most prevalent and dangerous network-based security threats
• Sends malicious SQL commands to the database server
•Depending on the environment SQL injection can also be exploited to: – Modify or delete data– Execute arbitrary operating system commands– Launch denial-of-service (DoS) attacks
12
A typicalinjectionattack
13
Sample SQL injection
• The SQLi attack typically works by prematurely terminating a text string and appending a new command
SELECT fnameFROM studentwhere fname is ‘user prompt’;
User: John’; DROP table Course;--
14
Sample SQL injection: tautology$query= “SELECT info FROM user WHERE name =`$_GET[“name”]’ AND pwd = `GET[“pwd”]`”;
Attacker enters: ` OR 1=1 –-
15
In-band attacks
• Tautology: This form of attack injects code in one or more conditional statements so that they always evaluate to true
• End-of-line comment: After injecting code into a particular field, legitimate code that follows are nullified through usage of end of line comments
• Piggybacked queries: The attacker adds additional queries beyond the intended query, piggy-backing the attack on top of a legitimate request
16
Database Access Control
• DBMS provide access control for database• assume have authenticated user• DBMS provides specific access rights to portions
of the database– e.g. create, insert, delete, update, read, write– to entire database, tables, selected rows or columns– possibly dependent on contents of a table entry
• can support a range of policies:– centralized administration– ownership-based administration– decentralized administration
17
Inferential attack (gathering info)• There is no actual transfer of data, but the
attacker is able to reconstruct the information by sending particular requests and observing the resulting behavior of the Website/database server– Illegal/logically incorrect queries: lets an
attacker gather important information about the type and structure of the backend database of a Web application
18
Out-band attack
• This can be used when there are limitations on information retrieval, but outbound connectivity from the database server is lax
19
SQLi countermeasures
• Defensive coding: stronger data validation• Detection
– Signature based– Anomaly based– Code analysis
• Runtime prevention: Check queries at runtime to see if they conform to a model of expected queries
20
SQL Access Controls• If the user has access to the entire database or
just portions of it• Two commands:
– GRANT {privileges | role} [ON table] TO {user | role | PUBLIC} [IDENTIFIED BY password] [WITH GRANT OPTION]
• e.g. GRANT SELECT ON ANY TABLE TO john– REVOKE {privileges | role} [ON table] FROM {user | role | PUBLIC}
• e.g. REVOKE SELECT ON ANY TABLE FROM john– WITH GRANT OPTION: whether grantee can grant “GRANT” option to other users
• Typical access rights are:– SELECT, INSERT, UPDATE, DELETE, REFERENCES
21
Cascading Authorizations
22
Role-Based Access Control
• Role-based access control work well for DBMS– eases admin burden, improves security
• Categories of database users:– application owner– end user– administrator
• DB RBAC must manage roles and their users
23
Inference
24
Inference Example
25
Inference Countermeasures
• Inference detection at database design– alter database structure or access controls
• Inference detection at query time– by monitoring and altering or rejecting queries
26
Statistical Databases
• Provides data of a statistical nature– e.g. counts, averages
• Two types:– pure statistical database– ordinary database with statistical access
• some users have normal access, others statistical
• Access control objective to allow statistical use without revealing individual entries
• Security problem is one of inference
27
Protecting Against Inference
28
Perturbation
• Add noise to statistics generated from data– will result in differences in statistics
• Data perturbation techniques– data swapping– generate statistics from probability distribution
• Output perturbation techniques– random-sample query– statistic adjustment
• Must minimize loss of accuracy in results
29
Database Encryption
• Databases typical a valuable info resource– protected by multiple layers of security: firewalls,
authentication, O/S access control systems, DB access control systems, and database encryption
• Can encrypt– entire database - very inflexible and inefficient– individual fields - simple but inflexible – records (rows) or columns (attributes) - best
• also need attribute indexes to help data retrieval
• Varying trade-offs
30
Database Encryption
31
Cloud computing
• An increasing trend in many organizations to move a substantial portion (or all) of their IT to cloud computing
• NIST SP-800-145 defines cloud computing as: “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. …”
32
Cloud computing elements
33
Essential characteristics: Broad network access• Capabilities available over a network• Accessed thru standard mechanisms• Use by heterogeneous client platforms
(desktops, laptops, tablets, cell phones)
34
Essential characteristics: Rapid elasticity• The ability to expand/reduce services to
specific requirements• Large numbers of servers during the
holidays• Smaller number of resources during off-
peak periods• Release a resource when a task is
completed
35
Essential characteristics: Measured service• Cloud system automatically
– Control and optimize resource use by leveraging a metering capability appropriate to the type of service
– Storage, processing, bandwidth, active users
36
Essential characteristics: On-demand service• A consumer can unilaterally provision
computing capabilities without requiring human interaction– Server time, network storage– Resources wont have to a permanent part of
the client’s IT infrastructure
37
Essential characteristics: Resource pooling• As a consequence of the above• The providers resources are pooled to
serve multiple consumers using a multi-tenant model
• Multiple resources assigned and re-assigned to clients– Storage, processing power, bandwidth …
• Consumers need not to know the physical location of the service
38
Service model: SaaS
• provides service to customers in the form of application software
• Clients need not to install
• Clients can access application via various platforms thru a simple interface (often a browser)
39
Service model: PaaS
• Provides service to customers in the form of a platform on the which the customer apps can run
• Clients deploy on the cloud
• PaaS provides useful building block/tools
40
Service model: IaaS
• Provides clients access to the underlying cloud infrastructure
• VM and other abstracted hardware, OS, APIs
• Amazon Elastic Computing (EC2) and Windows Azure
41
Deployment models
• Public: the cloud resources/services are available to the general public
• Private: The cloud infrastructure is solely for an organization
• Community: the cloud infrastructure is for a specific community and is shared by several organizations
• Hybrid: a composition two or more of the above
42
A typical cloud service context
43
NIST’s reference architecture (conceptual model)
44
NIST’s reference architecture (conceptual model)• Cloud customer: A person or organization that
uses or is interested in cloud providers services• Cloud provider (CP): a person or organization
that makes cloud services available• Cloud auditor: A party that conducts
independent assessment of sources (e.g., security)
• Cloud broker: A party that manages use, performance,, negotiations
• Cloud carrier: An intermediator that provides connectivity and service transport
45
Cloud provider (CP)
• For SaaS: CP deploys, configures, maintains, updates app software
• For PaaS: CP manages the computing infrastructure for the platform (middleware, database, OS, programming languages, tools)
• For IaaS: CP acquires physical computing resources: servers, network, storage, …
46
Cloud security risks
• Abuse and nefarious use of cloud computing– Relatively easy to register for the services– Many cloud services offer free trials– Enables hackers to get inside to conduct
attacks (spamming, DoS, …)– The burden on CP to provide protection
• Countermeasures1. Stricter/restrict registration2. Enhanced credit card monitoring3. Comprehensive monitoring (traffic)
47
Cloud security risks
• Insecure interfaces of APIs– CPs expose a set of APIs for customers apps– Security depends on APIs: must be secure
(from authentication to encryption)
• Countermeasures1. Analyzing the security of APIs2. Ensuring strong authentication and access
control3. Understanding the dependency chair between
the APIs
48
Cloud security risks
• Malicious insiders– Client organization relinquishes many (or all) of
its IT and gives to the CP– A grave concern: malicious insider activity
• Countermeasures (by client)1. Comprehensive supplier assessment2. Specify human resource requirements as part
of legal contract3. Require transparency
49
Cloud security risks
• Shared technology issues– IaaS services are delivered in a scalable way by a
shared infrastructure (CPU caches, GPUs, …)– Probably not designed for multi-tenant
architecture– Vulnerable to attacks (insider and outsiders)
• Countermeasures1. Implement best security practices during
implementation, deployment, configuration2. Monitor environment for unauthorized activities3. Promote strong authentication and access control
50
Cloud security risks
• Data loss or leakage– Cloud storage may be the only backup storage– Could be devastating for many clients if data is
lost
• Countermeasures1. Implement strong API access control2. Encrypt and protect integrity when in transit3. Analyze data protection at design and run time
51
Cloud security risks
• Account or service hijacking– Usually with stolen credentials– Compromise confidentiality, integrity and
availability
• Countermeasures1. Prohibit sharing of credentials between users2. Leverage strong multi-factory authentication3. Employ proactive monitoring
52
Data protection in the cloud
• Data must be secured while at transit, in use, or at rest– Client can employ encryption for transit– Client can encrypt data for storage (rest) but
can also be CP’s responsibility (key management)
53
Cloud security as a service
• Identify management• Data loss prevention• Web security• E-mail security• Encryption• Business continuity• Network security• …
54
Summary
• Introduced databases and DBMS• Relational databases• Database access control issues
– SQL, role-based
• Inference• Statistical database security issues• Database encryption• Cloud security